Rest API throwing "Principal is not authorized" error.

Yazaki
New Contributor

Rest API throwing "Principal is not authorized" error.

@JaredDolich 
Hi I am a beginner who just finished Model builder Lv1.
This is my first post and forgive me suddenly mentioning you. I learned a lot from your answers to many query and I wish you could help me. 

Rest API throwing "Principal is not authorized" error.
However same user name and password when used to login to front end portal that works. 
So is there anything that we need to enable/do some settings for the user, so that user can call Anaplan APIs?

====Problem====
・When I executed the Audit API, the response(failure) came back.

{
"status": "FAILURE_INVALID_TOKEN",
"statusMessage": "Principal is not authorized"
}


====Steps followed====
(1)Generate a Authorization Token using following command.

curl -X POST --user [My account(Gmail)]:[My password] https://auth.anaplan.com/token/authenticate


(2)In Postman, set the following request URL.
https://audit.anaplan.com/audit/api/1/events

(3)In Postman, set the following Header KEY/VALUE
KEY : Authorization
VALUE: AnaplanAuthToken [My Token Value]

2 REPLIES 2
JaredDolich
Moderator

Re: Rest API throwing "Principal is not authorized" error.

@Yazaki 

Awesome job getting involved with the APIs! Since you're using Postman AND you're using basic authentication, I would suggest you use version 1 API not version 2. With version 2 you will have to refresh your token every 10 minutes I believe. Not the case with version 1. So use this endpoint:


Jared Dolich
Yazaki
New Contributor

Re: Rest API throwing "Principal is not authorized" error.

Dear @JaredDolich 
Thank you very much for your warm reply !
From your reply I understood that there are 2 versions of API, V1.3 and V2.
And V1.3 uses Basic Authentication and V2.0 uses Token Authentication.

Actually I was trying to use the Audit API, which I am not sure whether it's V1 API or V2 API, 
but reading the documentation, it seems this API requires not only Token, but also "Tenant Auditor" role.So giving "Tenant Auditor" role might be my final solution.

And as you mentioned, the Token is only valid for about 10 minutes so, I am wondering what is best approach to automatically refresh the tokens.. which is another topic..

Anyway, thank you very much for your reply!

Best Regards,
Yazaki